The invention relates to a system and to a method for detection and display of the security status of appliances, and of appliances which are joined together to form complexes.
With the increasingly widespread use in automation technology of public communications media such as the Internet or an Intranet, and of the standardized protocols (for example TCP/IP) which are used for them, security aspects are becoming increasingly important. It can be expected that, in the future, automation appliances and systems will be used increasingly in a public communications environment. They therefore need to be equipped with powerful security mechanisms. These are referred to as security extensions. In automation technology, upgrading with security mechanisms and the introduction of appliances which are equipped with security mechanisms will not take place in one step. This will result in the coexistence of appliances with and without security mechanisms. For example, old appliances and low-cost appliances generally do not have any security mechanisms. Even in appliances with security mechanisms, individual security measures can be switched off, at least temporarily, for example for set-up purposes.
In the context used here, the meaning of the word security is as follows:

- The appliances and/or the automation system have/has access protection, that is to say users can access the resources of the appliance only with the rights assigned to them.
- Communications protection exists, that is to say the data transfer from and to automation appliances and/or the data transfer via network components within an automation system are/is protected. In this case, the data is protected against changes to the data content (integrity), against unauthorized monitoring (confidentiality) and against falsification of its origin (ensuring authenticity, including the absence of repetitions of already transmitted messages).
- The necessary availability is ensured. This means, for example, protection against DoS attacks (denial of service attacks: one such attack is a method for loading a PC with a large number of senseless requests via a network, with the aim that the PC/server can no longer be accessed) or against spoofing (spoofing in general means an attempt at deception; for example, IP addresses may be falsified).
In addition to the security status of a single automation appliance, the capability to identify the security of communications channels between the appliances involved and the overall security status of an automation system is also important. There are not yet any comprehensive solutions for security concepts for automation appliances and/or systems, since the appliances have until now been protected by compartmentalization from public access. In consequence, the problem has not occurred to the extent to be expected in the future. However, the increasingly widespread use of the Internet in automation technology as well means that the introduction of powerful security mechanisms is important.